Braindump

Get this stuff out of my head.

The Story 2012 : Getting Some Perspective

| Comments

Last week I went to The Story 2012.  Over the previous 2 years I had seen it become one of the ‘must attend’ conferences of the year, but I had not been before.  I went with the expectation that it would bear little direct application to my working day.  When a friend asked how I justify the day to my corporate overlords my answer was effectively “I don’t - this is a refresher. A chance to recharge”.  And this is exactly what I got - which is a bit odd considering how tired I was by the time I left.

The line up was brilliant, a mixture of names I knew and wanted to hear speak and plenty I had never heard of.  The stories took us from how buying supplies for your monster can help nurture the shoots of creative writing in Hoxton, through re-opening the wounds of the miners’ strike to how the founder member of the anarchist yacht club helped billionaires with their sea-steading ambitions.

There were far too many amazing stories to repeat here, so instead I want to recall (via my dubious notes so please excuse rampant paraphrasing) some of the points I found most interesting.

 

Matt Sheret and Simon Thornton discussed how the order of tracks on an album is a form of narrative. Artists and producers spend long hours trying to decide which order to put the tracks to manipulate the listeners’ mood.  Often this is in opposition to the record company who want to manipulate the listeners’ propensity to buy.

Strangely the record company’s  interest in track order belies that fact that they have been using music sharing to drive sales for a very long time.  Why would they care if the hit single is early in the order as the listener has already paid for it - unless, of course record companies have been relying on music sharing to sell their plastic products.

 

It was fascinating to hear from Jeremy Deller about the impact that miner’s strike of the eighties had on his life.  He found it to be one of those defining moments that rippled throughout the rest of his life.  It seems that the pervasive bias of all the media coverage of the time has prayed on Jeremy’s mind ever since.  And quite rightly so as the extent of that bias has never been properly exposed and our impression of miners and their communities is still tainted to this day.

To attempt to redress this imbalance Jeremy staged a reconstruction (using historical re-enactment groups) of the Battle of Orgreave to retell the story with a deliberate bias toward the miners’ point of view. The event was filmed (directed by Mike Figgis) for Channel 4 but, sadly is not available on 4oD.   The gaining a different perspective on a situation or story was one that seemed to repeat itself through the day.

 

After lunch we were treated to an on stage conversation between Emily Bell (former Director of Digital at the Guardian) and Tom Watson (Labour MP and member of the Culture, Media and Sport Select Committee) about their respective roles in the uncovering of the New International phone hacking scandal in the face of the refusal of most of the media outlets in the UK to report the story. It was incredibly refreshing to hear from representatives of two professions that, over the past few years, have lost significant public trust through the actions of a few of their number.  Tom and Emily show us that there is yet hope for UK democracy.

Tom made 2 comments that relate to my recurring theme:

I’d been watching a lot of The Wire, so I thought to myself “What would Lester Freamon do?”.  The answer was - follow the money.

and

I thought “What’s the worst that could happen?”.  The worst is that they run me out of politics.

Both comments show how, faced with what seems an insurmountable problem, thinking from a different perspective can provide new clarity and perhaps the inspiration needed to make incredibly brave decisions.


The story from Scott Bunham was quite astounding.  He told how citizens of Amsterdam were co-opted to help create a huge representation of a Stefan Sagmeister statement out of 350,000 Euro cent coins.  The result was a huge piece of public art that was expected to degrade (i.e. get changed or stolen) over time.  It was going to be interesting to watch how the public interacted with the piece.

Unfortunately, the local police department thought that the temptation would be too much for the citizens of Amsterdam to bear and decided to scoop the art work into plastic bags and store it back at the police station safely out of harms way.

Some people’s perspective on the value of things is limited to the risk or impact of losing them.


I hadn’t heard of Ellie Harrison before she spoke, but I had heard of one of her projects. She once photographed everything she ate for an entire year.  She continued to do this for the following 4 years. This lead to other personal data logging projects including all of her journeys on London Underground (total 9,236km) and her ‘gaseous emissions’ for an entire year.  Eventually she recognised that all this data logging had become an obsession and decided to stop - a liberating experience apparently.

Since then Ellie has applied her playful outlook to many other projects such as a vending machine that only dispenses food when the economic crisis is mentioned on the BBC News website and a visualisation of the 2010 general election as a drinking game.


The day finished on Danny O’Brien who started his presentation by showing how too much perspective was not a good thing by showing a picture of the the entire known universe which, it turns out is a monotonous and featureless blur.  This is known as The End of Greatness, but was mostly a means for Danny to claim that his presentation had covered everything.  

Danny then went on to explain what he has been doing since he went to California and the great newsletter that was NTK went into hibernation (his final slide stated ‘ask me about ntk’ - I intend to).  His story involved billionaires, anarchists, yachts, sea-steading and an ordained Rinpoche.  He told of how it was sometime difficult to tell the difference between the two groups that emerged from the Internet boom of the Nineties.  The dot-com million/billionaires and the political motivated anarchists.  Not only do members of these communities often look the same (sandals, beards, complete disregard for fashion) but they both feel that the current world order is broken. 

Danny told of how a group of uber-libertarian silicon valley billionaires are trying to create new nation states (on makeshift rafts in International waters - known as sea-steading) and had ironically recruited members of the Anarchists Yacht Club to help them with their seaworthiness.

To me the whole sea-steading thing is an extension of the tendency I’ve seen in every geek/developer I’ve ever known (including myself) to want to ‘just rebuild it from scratch’ applied to societies.   I guess when you’re  billionaire then nothing is un-re-enginerable.


The Story was a fantastic event and did exactly what I had hoped it would - refreshing the parts that other conferences fail to reach.  It has given me the push to take a step back, gain some perspective and work out how I can tackle those big problems form a different direction.

Thank you to the speakers and Matt Locke and everyone who worked to put the event on.  Mostly thanks to all the people who I met and chatted to at the event and in the pub afterwards and sorry if I didn’t manage to talk.  There’s always TheStory 2013.


 

Password Policies That Cause Bad Behaviour

| Comments

There is one sure fire indicator of how well an organisation understands data security.  Its password policies. And so many organisations fail so badly so often.

Most password systems are in place simply to allow the system to verify a your identity (they can also be used to verify authority - but it this is rarely seen these days).  This is done by using one or ‘factors’ that the you provide to show:

  • what you know (a password)
  • what you have (one of those key fob dongle things)
  • who you are (biometrics like fingerprints or retina scans)

All of these are based on assumptions such as your key fob hasn’t been stolen or your fingers cut off by international terrorists in order to gain access to the missile launch system.  Of course the most common assumption is that you and only you know your password.

This assumption is a perfectly reasonable assumption if  you have been properly trained about the importance of not sharing your password or writing it on a post-it now stuck to your monitor.  And it an organisations policies that show how well they understand that they are making this assumption.

Unfortunately, it seems that so many organisations create and enforce policies that do everything possible to break this assumption. Policies that insist:

  • require a new password to be created every 30 days (and try and prevent the reuse of old passwords)
  • insist on passwords including numbers and capital letters,
  • limit the length of the password to just a dozen or so characters.

All of these make it more difficult to remember a password (as so wonderfully explained by XKCD), thus driving you to do one of two things

  • write down your password in a list somewhere
  • request a new password every time you forget it and want to use the system

Writing down the password is obviously a bad thing as it increases the chances of that assumption about only you knowing it.  At worst it will mean anyone who can see the post-it stuck to your monitor can your password. At best it will mean that anyone who has access to your note book, telephone, or online password management tool has access.

The affect of getting a new password (invariably sent by email) is that your password is effectively exposed to anyone who can read your email.  And that means

  • the staff who look after your email system
  • people who work at your Internet service provider
  • anyone who can access your computer, phone or other devices when you aren’t looking

Effectively, an email based ‘forgotten password’ mechanism delegates the security of any system to the security provided by your email system and devices.

 

There are lots of potential ways to fix this problem, single-sign-on servers, 2 factor login systems, sensible password policies, locked down email, but the underlying issue is that the people who run the information security function of an organisation should consider that they job is not about computer authentication and identity systems, or document and data management.  Their job is about changing people’s behaviour, about understanding how they work, and why they do what they do and how you can persuade them to behave differently.

Event Sponsorship Opportunity of Wifi Fail

| Comments

If you’ve ever been to a tech conference or event, I’m sure you’ve noticed how the wifi always seems to fall over. The venue owners alway seem to under estimate the number of wifi devices that are used by techies. I have a version 1 iPad so have to have my phone connected too in order to take and post photos. Also, I understand that iOS devices (iPhones and iPads) treat wifi access point really badly and too many in the same place will cause routers to crash horribly.

Quite why venues can’t do a bit of testing and actually check how far their wifi provision can be pushed is a mystery to me, but when typing in a wifi password for the umpteenth time at a recant event it occurred to me (and my friend @chrisdymond) that someone is missing an opportunity to take advantage of this failure.

If a company were to sponsor the wifi login password and brand up the login page (if it’s a proxy based authentication system), then their name would be embedded in the attendee’s brain for days. It’s something they would simply HAVE to remember. A good combination of username and password could help too:
Username: acme-web-apps
Password: good-UX

Of course they would run the risk of forever being associated with failure!

I heard from Chris this morning that the password for the wifi at Activate2011 is sponsored by Barclaycard. Let’s hope it doesn’t crash eh!